隐私与安全风险分析模型

2012 5th International Conference on New Technologies, Mobility and Security (NTMS) Pub Date : 2012-05-07 DOI:10.1109/NTMS.2012.6208713

Ebenezer Paintsil

{"title":"隐私与安全风险分析模型","authors":"Ebenezer Paintsil","doi":"10.1109/NTMS.2012.6208713","DOIUrl":null,"url":null,"abstract":"This article introduces an extended misuse case (EMC) model for privacy and security risks analysis and formally validates the model by means of colored petri nets (CPNs). The EMC model extends the use and misuse cases (UMCs) model with security and privacy requirements. The proposed EMC model and the CPNs instantiation deal with some of the shortcomings of the traditional UMCs which include lack of quality goals and formal validation techniques. The CPNs instantiation enables automatic detection of possible violation of privacy and security goals and can be extended to communicate risk to both technical and non-technical stakeholders. The CPNs and EMC models are illustrated with privacy and security risks contributing factors for identity management systems (IDMSs).","PeriodicalId":401320,"journal":{"name":"2012 5th International Conference on New Technologies, Mobility and Security (NTMS)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-05-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"A Model for Privacy and Security Risks Analysis\",\"authors\":\"Ebenezer Paintsil\",\"doi\":\"10.1109/NTMS.2012.6208713\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This article introduces an extended misuse case (EMC) model for privacy and security risks analysis and formally validates the model by means of colored petri nets (CPNs). The EMC model extends the use and misuse cases (UMCs) model with security and privacy requirements. The proposed EMC model and the CPNs instantiation deal with some of the shortcomings of the traditional UMCs which include lack of quality goals and formal validation techniques. The CPNs instantiation enables automatic detection of possible violation of privacy and security goals and can be extended to communicate risk to both technical and non-technical stakeholders. The CPNs and EMC models are illustrated with privacy and security risks contributing factors for identity management systems (IDMSs).\",\"PeriodicalId\":401320,\"journal\":{\"name\":\"2012 5th International Conference on New Technologies, Mobility and Security (NTMS)\",\"volume\":\"26 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-05-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 5th International Conference on New Technologies, Mobility and Security (NTMS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NTMS.2012.6208713\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 5th International Conference on New Technologies, Mobility and Security (NTMS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NTMS.2012.6208713","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

摘要

本文介绍了一种用于隐私和安全风险分析的扩展误用案例(EMC)模型，并通过彩色petri网(cpn)对该模型进行了形式化验证。EMC模型扩展了具有安全和隐私需求的使用和误用案例(UMCs)模型。提出的EMC模型和cpn实例化处理了传统umc的一些缺点，包括缺乏质量目标和形式化验证技术。cpn实例化支持自动检测可能违反隐私和安全目标的行为，并且可以扩展为向技术和非技术涉众传达风险。cpn和EMC模型说明了身份管理系统(IDMSs)的隐私和安全风险因素。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Model for Privacy and Security Risks Analysis

This article introduces an extended misuse case (EMC) model for privacy and security risks analysis and formally validates the model by means of colored petri nets (CPNs). The EMC model extends the use and misuse cases (UMCs) model with security and privacy requirements. The proposed EMC model and the CPNs instantiation deal with some of the shortcomings of the traditional UMCs which include lack of quality goals and formal validation techniques. The CPNs instantiation enables automatic detection of possible violation of privacy and security goals and can be extended to communicate risk to both technical and non-technical stakeholders. The CPNs and EMC models are illustrated with privacy and security risks contributing factors for identity management systems (IDMSs).

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2012 5th International Conference on New Technologies, Mobility and Security (NTMS)

自引率

0.00%

发文量